FI SV EN
Back to site

PRIVACY POLICY

At sahkonhinnatnyt.fi, we process personal data transparently and in line with GDPR and applicable Finnish law.

- Data Controller
- Controller: [Company legal name / current operator legal name]
- Business ID: [Business ID]
- Address: [Registered address]
- Privacy contact: [[email protected]]
- DPO/contact person (if applicable): [Name/contact]

If service is operated pre-incorporation, current responsible operator details are shown above and updated immediately after incorporation.

- What personal data means
Personal data means any information relating to an identified or identifiable natural person (for example, IP address, email, tracking identifiers, and behavioral data linked to a user/session).

- Data subjects and processing contexts
A) Website visitors
- Data: IP, device/browser info, session data, page events
- Why: core service delivery, security, analytics

B) Contact form users / support requesters
- Data: name, email, message content, metadata
- Why: respond to inquiries, maintain support records

C) Comparison click-through users
- Data: click events, selected filters, referral IDs, campaign parameters
- Why: render comparison flows, attribution, fraud prevention, service optimization

- Processing activities (operational matrix)

| Data category | Purpose | Legal basis | Typical recipients | Retention (indicative) |
|---|---|---|---|---|
| Device + log data | Site operation, uptime, abuse prevention | Legitimate interest / necessity | Hosting/CDN/security vendors | 624 months |
| Consent data | Record consent choices and versioning | Legal obligation / legitimate interest | CMP provider, internal compliance | 2460 months |
| Analytics events | Usage measurement and UX improvement | Consent (non-essential analytics) | Analytics processor(s) | 1426 months |
| Contact form data | User support, issue resolution | Legitimate interest / pre-contractual steps | Helpdesk/email providers | 1224 months |
| Affiliate attribution data | Referral measurement and partner settlement | Consent (non-essential tracking) | Affiliate/ad partners/processors | 30180 days (ID), longer in aggregated reports |

- Profiling and marketing-related processing
We may conduct limited profiling for analytics, ad attribution, and performance measurement. However, we do not carry out solely automated decision-making that produces legal effects or similarly significant effects on users within the meaning of Article 22 GDPR.

- Recipients and processors
We may share personal data with:
- Hosting and infrastructure providers
- Analytics providers
- Consent management platform (CMP) provider
- Advertising and affiliate partners/processors
- Legal/accounting advisors
- Authorities where legally required

Processor relationships are governed by contracts where required.

- International transfers
If personal data is transferred outside the EEA, we use legal transfer mechanisms (e.g., adequacy decisions or SCCs) and supplementary safeguards where required.

- Security controls
We apply reasonable technical and organizational measures, including:
- Access controls (least privilege)
- Encrypted transport (HTTPS/TLS)
- Credential and environment segregation
- Logging/monitoring for abuse and security events
- Restricted admin access and periodic access reviews
Hosting region: [EEA/EU preferred region, specify provider/region]

- Data breach response
In the event of a personal data breach that is likely to result in a risk to the rights and freedoms of individuals, we will comply with applicable notification obligations under the GDPR, including notifying the competent supervisory authority and affected individuals where legally required.

- Childrens data
Service is not directed to children. We do not knowingly collect personal data from children without valid legal basis and required consent.

- Your rights
You may have rights to access, rectify, erase, restrict, object, portability, and withdraw consent for consent-based processing.
Contact: [[email protected]]

- Complaint authority
You may lodge a complaint with:
Finnish Data Protection Ombudsman (Privacyavaltuutettu).
Reference hub: https://tietosuoja.fi/en/legislation

- Changes
We may update this policy. Material updates are published with a revised date.